Retiring a Grant

Function

This API enables users to retire a grant.

For example, user A grants operation permissions on CMK A/key to user B and authorizes user C to retire the grant. By doing this, users A, B, and C all can cancel the permissions. After the canceling, user B does not have permissions on CMK A/key anymore.

The following are allowed to call this API:

The user indicated by parameter retiring_principal
The user indicated by parameter grantee_principal when retire-grant has been selected

URI

URI format
POST /v1.0/{project_id}/kms/retire-grant

Parameter description

**Table 1** Parameter description
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Requests

**Table 2** Request parameters
Parameter	Mandatory	Type	Description
key_id	Yes	String	36-byte ID of a CMK that matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$ Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f
grant_id	Yes	String	64-byte ID of a grant that meets the regular expression ^[A-Fa-f0-9]{64}$ Example: 7c9a3286af4fcca5f0a385ad13e1d21a50e27b6dbcab50f37f30f93b8939827d
sequence	No	String	36-byte serial number of a request message Example: 919c82d4-8046-4722-9094-35c3c6524cff

Responses

None

Examples

The following example describes how to retire a grant whose grant ID is 7c9a3286af4fcca5f0a385ad13e1d21a50e27b6dbcab50f37f30f93b8939827d and the CMK ID is bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e.

Example request

{      
    "key_id": "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "grant_id":"7c9a3286af4fcca5f0a385ad13e1d21a50e27b6dbcab50f37f30f93b8939827d"
}

Example response

{
}

{
    "error": {
        "error_code": "KMS.XXXX",
        "error_msg": "XXX"
    }
}

Status Codes

Table 3 lists the normal status code returned by the response.

**Table 3** Status codes
Status Code	Status	Description
200	OK	Request processed successfully.

Exception status code. For details, see Status Codes.

Parent topic: APIs

Previous topic: Revoking a Grant

Next topic: Querying Grants on a CMK

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot